Merge pull request #1447 in SNORT/snort3 from ~DDAHIPHA/snort3:heap_overflow_fix...

Squashed commit of the following:

commit baa221ddec90f0f3153bfb64bb62c9f5e27fbc02
Author: Devendra Dahiphale <ddahipha@cisco.com>
Date:   Mon Dec 3 09:26:19 2018 -0500

    appid: Fix heap overflow issue for a fuzzed pcap

diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index bd7ef949146dbf2c54dcc06ef01ddbe23ae577f0..4ae336d7c3828c0a29bc829c74ce58e101014399 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -443,8 +443,12 @@ static void parse_client_initiation(const uint8_t* data, uint16_t size, ServiceS
             return;
         }
 
-        data   += ntohs(ext->length) + offsetof(ServiceSSLV3ExtensionServerName, list_length);
-        length -= ntohs(ext->length) + offsetof(ServiceSSLV3ExtensionServerName, list_length);
+        unsigned len = ntohs(ext->length) + offsetof(ServiceSSLV3ExtensionServerName, list_length);
+        if (len > length)
+            return;
+
+        data += len;
+        length -= len;
     }
 }